We've audited a lot of AI-built code at this point — Cursor, Bolt, Lovable, Replit, you name it. The tools are different but the output patterns are remarkably consistent.
What's usually good: The UI. The page layouts. The user flows. AI tools are excellent at generating presentable interfaces. If you show us a prototype and the screens look solid, they probably are. We keep the frontend design most of the time.
What's usually broken:
1. Auth is always wrong. Plaintext passwords, missing session management, no rate limiting. Every single project. It's the first thing we check and it's never right.
2. The business logic is decorative. The code looks like it does something meaningful — a matching algorithm, a pricing calculator, a recommendation engine — but when you trace the logic, it's shuffling data around without actually computing anything useful.
3. No error handling. The happy path works beautifully. Anything else crashes. No graceful degradation, no retry logic, no user-facing error messages.
4. State leaks everywhere. User A sees User B's data. Forms lose input on navigation. Session state bleeds across requests. This one is the scariest in healthcare or fintech.
5. It can't be extended. Every feature is tangled with every other feature. Adding something new breaks something old. There's no architecture — just a flat pile of code that happens to work for the demo.
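An added example, not code from the original post or from any audited project: the plaintext-storage pattern from item 1 beside a hardened login path that uses salted PBKDF2 hashing, constant-time comparison and per-username failure limiting. The dict standing in for the user table, the function names, the iteration count and the 5-failures-in-300-seconds policy are all assumptions; session management is not covered here.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000                    # PBKDF2-HMAC-SHA256 work factor (assumed value)
MAX_FAILURES, WINDOW_SECONDS = 5, 300   # assumed lockout policy

def insecure_register(db, user, password):
    # The audited pattern: the password itself lands in the user table.
    db[user] = password

def hash_password(password, salt=None):
    # A fresh random salt per user; only (salt, digest) is ever stored.
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def register(db, user, password):
    db[user] = hash_password(password)

class LoginGuard:
    """Tracks recent failed logins per username and blocks once over the limit."""
    def __init__(self, clock=time.monotonic):
        self.clock, self.failures = clock, {}

    def blocked(self, user):
        now = self.clock()
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW_SECONDS]
        self.failures[user] = recent        # drop failures outside the window
        return len(recent) >= MAX_FAILURES

    def record_failure(self, user):
        self.failures.setdefault(user, []).append(self.clock())

    def reset(self, user):
        self.failures.pop(user, None)

_DUMMY = hash_password("placeholder")   # hashed against for unknown users, so timing stays similar

def login(db, guard, user, password):
    if guard.blocked(user):
        return "rate_limited"               # refuse before doing any hashing work
    salt, stored = db.get(user, _DUMMY)
    _, candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, stored) and user in db
    if not ok:
        guard.record_failure(user)
        return "denied"
    guard.reset(user)
    return "ok"
```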
None of this means the prototype is worthless. It means the prototype is a prototype, not a product. Know the difference and you'll make good decisions about what to do next.

